Jump to content

Emby permissions problem


rubenmf92

Recommended Posts

rubenmf92

Hi @@mastrmind11, @@Q-Droid, I think a have a permissions problem with emby. I´m trying to see two different external hard drives, but I only manage to see one of them. The permissions and owner of the one I can properly see is:

 

drw-------    4 root  root        4096 sep 19 19:29  mnt

 

drwxr-xr-x 3 root root  4096 jun 30 11:30 mntSubfolder1

drwxr-sr-x 4 root root 4096 sep 17 20:07 mntSubfolder2

drwxr-sr-x 4 userftp sftponly 4096 ago 25 19:50 Movies

 

As you can see, I'm able to see the files even when emby does not belong to the group or owner. 

 

On the contrary, I´m not able to see the files insede the next path:

 

drwxrwxrwx+   3 user user       4096 sep 21 17:47  media

 

drwxr-xrwx+ 3 user user 4096 sep 21 18:12 user

 

drwxrwxrwx 1 user user 12288 jul 26 16:57 MyBook

 

Any tips about how could I solve the problem?

Edited by Luke
Link to comment
Share on other sites

Q-Droid

Hi, I'm trying to picture your directory structure. What is the full path to the media, starting from the / dir?

 

Is it /mnt/mntSubfolder1/mntSubfolder2/Movies? Please share the full path to the directories with media, both with and without access.

 

Your second set (without access) appears to have an ACL defined for the dirs which could be denying privs not visible with ls -l.

 

What OS and platform are you using?

Link to comment
Share on other sites

rubenmf92

Hi, I'm trying to picture your directory structure. What is the full path to the media, starting from the / dir?

 

Is it /mnt/mntSubfolder1/mntSubfolder2/Movies? Please share the full path to the directories with media, both with and without access.

 

Your second set (without access) appears to have an ACL defined for the dirs which could be denying privs not visible with ls -l.

 

What OS and platform are you using?

 

 

Hi!

 

I'm using ubuntu 18.04. The full paths are:

 

-/media/user/MyBook (For the path that is not working)

 

-/mnt/mntSubforlder1/mntSubfolder2/Movies (the path that is working)

 

If its this ACL problem, how could I solve it?

Link to comment
Share on other sites

Q-Droid

That's a strange one. Under most circumstances I would tell you that /mnt/mntSubforlder1/mntSubfolder2/Movies should not be working at all and that /media/user/MyBook should have no problem working.

 

Are you sure you have them right?

 

getfacl /media

and

getfacl /media/user

will show the ACLs on those two.

Link to comment
Share on other sites

rubenmf92

That's a strange one. Under most circumstances I would tell you that /mnt/mntSubforlder1/mntSubfolder2/Movies should not be working at all and that /media/user/MyBook should have no problem working.

 

Are you sure you have them right?

 

getfacl /media

and

getfacl /media/user

will show the ACLs on those two.

 

The outputs are, respectively:

 

# file: media

# owner: user

# group: user

user::rwx

user:root:r-x

group::rwx

mask::rwx

other::rwx

 

And

 

# file: media/user

# owner: user

# group: user

user::rwx

user:root:r-x

user:user:r-x

group::---

mask::r-x

other::rwx

Link to comment
Share on other sites

mastrmind11

:o   Now might be the perfect time to get your permission scheme set correctly, they're a tangled mess as they are.  

 

in any case, are you able to cd and ls in the one emby is unable to access?  what happens if you try as emby user?

Link to comment
Share on other sites

rubenmf92

Yes, I might have a bit of a mess regarding permissions. The path /mnt/mntSubforlder1/mntSubfolder2/Movies belongs to root, because. it is a part of a sftp jail. This path I can properly see it and acces with emby server (even reproduce the content) after modify the group that belongs the emby user (now it is set as emby:x:0:1000:Emby Server:/var/lib/emby:/usr/bin/nologin, where 0 is root and 1000 is the user "user").

 

But on the contrary I cannot acces the path /media/user/MyBook, that belongs to "user". What should be the proper permissions (and user owner) for this path (since it is a mounted external hard drive)?

Link to comment
Share on other sites

Q-Droid

Time to stop and step back. What you've done is effectively make emby the root user by giving it a uid of 0.

 

I agree with Mastermind. You have the chance to fix the privs AND emby id's now before things get worse.

Link to comment
Share on other sites

Q-Droid

Let's start with fixing the emby user, hopefully the original uid and gid are in the home dir.

 

Shutdown the emby server.

 

Let's see what the original gid and uid were.

 

ls -n ~emby

 

usermod -u <orig uid> -g <orig gid> -G video,users emby <- if you want to keep users group

 

There's a chance that files were created under /var/lib/emby with the bad uid and those need to fixed.

 

chown -R emby:emby /var/lib/emby <- this is assuming the emby group was the original default. if it wasn't then change to the correct one.

 

Reboot

Link to comment
Share on other sites

rubenmf92

Let's start with fixing the emby user, hopefully the original uid and gid are in the home dir.

 

Shutdown the emby server.

 

Let's see what the original gid and uid were.

 

ls -n ~emby

 

usermod -u <orig uid> -g <orig gid> -G video,users emby <- if you want to keep users group

 

There's a chance that files were created under /var/lib/emby with the bad uid and those need to fixed.

 

chown -R emby:emby /var/lib/emby <- this is assuming the emby group was the original default. if it wasn't then change to the correct one.

 

Reboot

 

The output for ls -n ~emby is:

 

total 156

drwxr-xr-x 12 0 0   4096 sep 22 09:31 cache

drwxr-xr-x  4 0 0   4096 sep 21 16:58 config

drwxr-xr-x  5 0 0   4096 sep 21 17:15 data

drwxr-xr-x  2 0 0 131072 sep 22 12:40 logs

drwxr-xr-x  4 0 0   4096 sep 22 08:46 metadata

drwxr-xr-x  2 0 0   4096 sep 21 16:58 plugins

drwxr-xr-x  3 0 0   4096 sep 21 16:58 root

drwxr-xr-x  2 0 0   4096 sep 22 09:33 transcoding-temp

 

Does it mean it belongs to root user?

 

And I dont know why if, I have given the emby user "root access" I still cannot see inside the path "/media/user/MyBook" 

Link to comment
Share on other sites

Q-Droid

Yeah, it looks like the emby directories are owned by uid:gid 0, root. I would focus on fixing the emby uid:gid problem first, then worry about access later. Fixing the emby user would prevent other access and upgrade related problems in the future. Even root needs the right permissions for access.

 

Is this a new emby install? If so it might be better to start over clean by uninstalling the emby server and removing the emby user from the OS. It's important to remove the emby user and home directory to keep the current account and config from being reused.

 

If you don't want to reinstall then you'd have to find out what the original uid was for emby and fix it using my previous post.

Edited by Q-Droid
Link to comment
Share on other sites

rubenmf92

Yeah, it looks like the emby directories are owned by uid:gid 0, root. I would focus on fixing the emby uid:gid problem first, then worry about access later. Fixing the emby user would prevent other access and upgrade related problems in the future. Even root needs the right permissions for access.

 

Is this a new emby install? If so it might be better to start over clean by uninstalling the emby server and removing the emby user from the OS. It's important to remove the emby user and home directory to keep the current account and config from being reused.

 

If you don't want to reinstall then you'd have to find out what the original uid was for emby and fix it using my previous post.

 

I have unintalled, purged (and deleted emby user before reinstalling) and now installed again emby server. The ls-n command now looks like:

 

total 24

drwxr-xr-x 5 999 999 4096 sep 22 15:43 cache

drwxr-xr-x 4 999 999 4096 sep 22 15:43 config

drwxr-xr-x 4 999 999 4096 sep 22 15:43 data

drwxr-xr-x 2 999 999 4096 sep 22 15:43 logs

drwxr-xr-x 2 999 999 4096 sep 22 15:43 plugins

drwxr-xr-x 3 999 999 4096 sep 22 15:43 root

 

Now I´m not able to see anything inside /media or /mnt. /media is owned by "user", and /mnt by "root" (because I have a sftp jail)

Link to comment
Share on other sites

Q-Droid

Ok. So if you run 'id emby' you should get something like the below, right?

 

uid=999(emby) gid=999(emby) groups=999(emby)

 

And 'ls -l ~emby' should list 'emby emby' ownership for those files.

 

Now you can add other groups to emby. CORRECTION: Is the group 'user' or 'users'? Use the correct one in the command below.

 

usermod -aG video,user emby

 

Restart again and see if access has changed.

Edited by Q-Droid
Link to comment
Share on other sites

rubenmf92

Ok. So if you run 'id emby' you should get something like the below, right?

 

uid=999(emby) gid=999(emby) groups=999(emby)

 

And 'ls -l ~emby' should list 'emby emby' ownership for those files.

 

Now you can add other groups to emby. CORRECTION: Is the group 'user' or 'users'? Use the correct one in the command below.

 

usermod -aG video,user emby

 

Restart again and see if access has changed.

 

If I do "id emby" I get:

uid=999(emby) gid=999(emby) grupos=999(emby),44(video),1000(user)

 

After doing usermod -aG video,user emby Now emby does not initialize automatically, and I'm strill not able to see the contests of the paths.

Link to comment
Share on other sites

Q-Droid

You have some odd things going on.  I'm not sure how to get around the sftp lockdown which is intended to keep users locked in to that path. If you add the sftponly group to emby it could allow access to /mnt but prevent access elsewhere. It would have to be tested because I don't know.

 

Adding the supplementary groups to emby should not have affected the startup.

 

Try this:

su emby -c "ls -l /media/user/MyBook" -s /bin/bash

 

Also try:

su - emby -s /bin/bash

 

And try to cd to the media locations.

Link to comment
Share on other sites

rubenmf92

You have some odd things going on.  I'm not sure how to get around the sftp lockdown which is intended to keep users locked in to that path. If you add the sftponly group to emby it could allow access to /mnt but prevent access elsewhere. It would have to be tested because I don't know.

 

Adding the supplementary groups to emby should not have affected the startup.

 

Try this:

su emby -c "ls -l /media/user/MyBook" -s /bin/bash

 

Also try:

su - emby -s /bin/bash

 

And try to cd to the media locations.

 

The commands ask me for a pasword for emby, which I think i don't have

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...